This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Enterprise Business Application Vulnerability Statistics 2009

From OWASP
Revision as of 10:59, 12 October 2010 by Alexander (talk | contribs) (Created page with '== Objective == This document is the firs ststistics report which will be repeated annually with showing tendencies and changes in EBA security area. == Purpose == This do…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Objective

This document is the firs ststistics report which will be repeated annually with showing tendencies and changes in EBA security area.

Purpose

This document we will show a result of statistical research in the Business Application security area made by DSECRG and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications and how critical are those.

Intro

Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security as these applications store business data and any vulnerability in these applications will cause a significant monetary loss. Nonetheless people still don’t pay much attention to Enterprise Business Application area as we see during our and our collegues research and audit data. Business applications are very large and complex systems that consists of different components such as Database server, Front-end, Web server, Application server and other parts. Also those systems lay on different Hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as: • Network architecture security • Os security • Database security • Application security • Front-end security

Every described layer may have their own vulnerabilities that can give attacker full access to business data even if other layers are fully secured. The purpose of this document to Increase awareness of Business Application security.

Links

Presentation by Dmitry Evdokimov and Dmityy Chastuhin:

SAP SDN page with latest vulnerabilities

Oracle Secalert page with latest vulnerabilities

link title


Authors

Alexander Polyakov (ERPSCAN.COM) Dmitriy Chastuhin (ERPSCAN.COM) Dmitriy Evdokimov (ERPSCAN.COM)


Contributors

Leodid Kats (dsec.ru) Olga Yurova (dsec.ru)